How to improve score at IM Observatory?

I'm getting an 80 for Key Exchange Score, a 95 for Protocol Score, and a 50 for Cipher Score

Overall Questions:

How can I improve these scores?

And should I really care about these results?

Results from test:

1.No DNSSEC for my SRV records. However, I verified this with namecheap (my registrar and DNS provider) and they said they confirmed the SRV records are returning DNSSEC. Who do I believe?

2.Key Exchange Score: The test seems to give me no feedback on why my Key Exchange Score was only 80. I click on the score and it takes me to look at my Certificates, but my Certificate Score is 100, and there are no flags among the certficates shown. Oh well.

3. Protocol Score: I'm supporting TLS v1 and apparently I shouldn't be. Can I turn this off in Openfire? Is there a compelling reason to leave it on?

4. Cipher Score: My cipher situation seems to be my main problem (as reflected by my abysmal cipher score). As I interpret the following chart, green is good, grey is meh, orange is bad, and red is really bad.

Cipher suite

Bitsize

Forward secrecy

Info

ECDHE-RSA-AES128-GCM-SHA256(0xc02f)

128

Yes

Curve: prime256v1

ECDHE-RSA-AES128-SHA256(0xc027)

128

Yes

Curve: prime256v1

ECDHE-RSA-AES128-SHA(0xc013)

128

Yes

Curve: prime256v1

DHE-RSA-AES128-GCM-SHA256(0x9e)

128

Yes

Diffie-Hellman:Group: RFC 2409 First Oakley Default GroupBitsize:1024

DHE-RSA-AES128-SHA256(0x67)

128

Yes

Diffie-Hellman:Group: RFC 2409 First Oakley Default GroupBitsize:1024

DHE-RSA-AES128-SHA(0x33)

128

Yes

Diffie-Hellman:Group: RFC 2409 First Oakley Default GroupBitsize:1024

AES128-GCM-SHA256(0x9c)

128

No

-

AES128-SHA256(0x3c)

128

No

-

AES128-SHA(0x2f)

128

No

-

ECDHE-RSA-DES-CBC3-SHA(0xc012)WEAK

112

Yes

Curve: prime256v1

EDH-RSA-DES-CBC3-SHA(0x16)WEAK

112

Yes

Diffie-Hellman:Group: RFC 2409 First Oakley Default GroupBitsize:1024

DES-CBC3-SHA(0xa)WEAK

112

No

-

Note: I'm running Openfire 4.1.5, but it is an upgrade from 3.10.2. Could this be a legacy from upgrading from the older version?

Note2: My clients use the following jabber clients:

Spark on Windows,

Spark or Apple Messages on macOS,

Xabber on Android,

JabberB on iOS

I mention this because perhaps some clients don't support certain ciphers.